Provides effective real-time threat detection with potential for cost optimization
What is our primary use case?
We are protecting our endpoints, workstations, servers, and cloud workloads. This includes effective use of antivirus and detection and response capabilities.
I am working at Arab Open University, and we are using CrowdStrike Falcon as our security product.
What is most valuable?
The most beneficial part is the active response capability of the product. Being an EDR solution, it helps us identify attacks in real-time. The product runs in the background 24/7. The most interesting aspect is the behavior analysis functionality, which analyzes the behavior of any suspicious activity.
It identifies threats efficiently due to its built-in intelligence and AI capabilities, which has been extremely helpful for our organization.
What needs improvement?
Some features such as device control, firewall management, and file analysis are standalone products that we need to purchase separately. If these features came out of the box within the product, it would be much more beneficial for us. Other providers such as SentinelOne include these features in their base product.
We attended a CrowdStrike Falcon event where they discussed some shallow AI features, but we cannot see these in our panel yet. We work with different solutions such as Darktrace and SocRadar, where AI features are automatically displayed in our dashboards after release. However, for CrowdStrike Falcon, we cannot see these features.
For how long have I used the solution?
We have been using the solution for almost four years.
What was my experience with deployment of the solution?
It is a straightforward plug-and-play deployment.
What do I think about the stability of the solution?
Sometimes there are minor glitches, approximately 1% of the time. The biggest issue occurred when every computer worldwide experienced a blue screen. However, they solved the problems and introduced a new feature for channel updates. This has been much more beneficial, and while human errors can occur in any product, we cannot solely blame CrowdStrike Falcon for such incidents.
How are customer service and support?
The customer service is good and efficient in terms of responding. They could improve by initiating calls for high-priority cases instead of just opening tickets. When we open a support ticket, they should call to discuss what happened and listen to our concerns.
How would you rate customer service and support?
How was the initial setup?
The setup is straightforward, and most of our integration is within the package. However, for the integration part, we need to purchase additional modules from CrowdStrike Falcon. If this functionality was included as a free standalone feature within the built-in solution, it would be more market competitive. Competitors such as SentinelOne and Microsoft Defender provide this functionality out of the box without additional charges.
What was our ROI?
We have not calculated the ROI extensively, as we typically only calculate it when there is dissatisfaction. On a scale of one to ten, the ROI would be five, which translates to approximately 60%.
What's my experience with pricing, setup cost, and licensing?
The solution is a bit expensive.
Which other solutions did I evaluate?
We are using Darktrace as an email security solution, not as an EDR.
What other advice do I have?
I would rate CrowdStrike Falcon a seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Very good experience. Next level generation.
What do you like best about the product?
Ease of deployment, high detection rates.
What do you dislike about the product?
Cost, dependency, complexity for beginners.
What problems is the product solving and how is that benefiting you?
Endpoint security and ransomware protection.
Prevent privilege escalation with highest credentials but have issues with updates
What is our primary use case?
We use the solution for Windows and non-Windows infrastructure. We have Falcon clients on all our machines.
How has it helped my organization?
We integrate with CyberArk, which includes DNA reporting, particularly for identifying old and ticket-based attacks. We’ve implemented this integration to receive risk-based scoring. Our strategy focuses on preventing privilege escalation, as our last major incident, NotPetya, resulted from this vulnerability. To address this, we’ve implemented measures through CyberArk and CrowdStrike.
What is most valuable?
When we encounter phishing attacks via email, we sandbox any reported items. Whenever a suspicious email is reported, we conduct sandboxing in CrowdStrike and block emails, domains, and IPs based on the resulting threat intelligence.
The most critical aspect is preventing privilege escalation, particularly for domain admins with the highest credentials. With our integration of CyberArk, passwords are never transmitted to the endpoint. Instead, a secure RDP file is created, and Falcon is used to prevent privilege escalation attempts.
What needs improvement?
As customers, we always update our systems whenever a new release is available, with clients connecting directly to the Internet for these updates. We have an agent who manages these updates on the clients, but as an organization, we don’t have control over them. CrowdStrike should assess the impact on endpoints before releasing such updates.
Our organization now seeks AI-based stock monitoring to prioritize thousands of alerts generated across various platforms. The AI integration is still in its early stages, so we would like to see Falcon develop tools that can integrate with multiple platforms and help identify the highest-priority alerts.
For how long have I used the solution?
I have been using CrowdStrike Falcon Threat Intelligence since 2017. We are using the latest version of the solution.
What do I think about the stability of the solution?
I rate the solution’s stability a nine out of ten.
What do I think about the scalability of the solution?
The integration part is very good. CrowdStrike collaborates with most security vendors, so it's very easy to get one platform for our risk factors across the enterprise.
40 thousand devices are using this solution. We get many alerts from Falcon, sometimes from end users and sometimes from Internet-facing servers.
I rate the solution's scalability a nine out of ten.
How are customer service and support?
We struggle to get specialized resources from CrowdStrike in a few cases.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
CrowdStrike Falcon Black is an on-premise solution that was very complicated, so we faced performance issues. The main reason for the switch is the performance issues reported by multiple application owners.
How was the initial setup?
Initially, we faced many challenges because we had to open ports from each of our subnets to Falcon, as it’s a SaaS solution. Each client needs to communicate with Falcon servers for threat intelligence. Due to the complexity of our network, we had to carefully consider all security aspects when opening the external communication ports to Falcon.
It took 25 to 30 days to deploy it completely.
We began with our Tier 0 servers, which had the most critical and highest privileges. After securing those, we moved on to Tier 1 and Tier 2 as we continued deployment. Our approach was to first address the highest risk factors across the enterprise and then gradually move on to securing endpoints like user desktops and laptops.
I rate the initial setup as seven out of ten, where one is difficult, and ten is easy.
What about the implementation team?
We took professional services from CrowdStrike, so it was done in-house with only two people: one from the execution team and one from the cybersecurity team.
What was our ROI?
When we track the annual priority cases, especially the security incidents, we have made many improvements. That is ROI in terms of tracking security incidents.
What's my experience with pricing, setup cost, and licensing?
I rate the product’s pricing a six out of ten, where one is cheap and ten is expensive.
What other advice do I have?
Most customer requirements focus on email security, so we’ve implemented Mimecast. CrowdStrike Falcon integrates with Mimecast, allowing us to provide advanced security beyond Office 365’s capabilities. With DMARC in place, Falcon helps us identify domains that pose a risk to the organization.
I advise you to look for customer feedback, and then you should also look at Gartner and other industry leaders so you get the ranking.
Overall, I rate the solution a seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
Helps protect against malware and the maintenance is straightforward, but there are a lot of false positives
What is our primary use case?
Our organization relies on CrowdStrike, a standalone endpoint security solution, to safeguard our bare-metal machines. CrowdStrike continuously monitors for threats on all endpoints. If it detects any suspicious activity, such as malware or malicious processes, it immediately alerts us for investigation.
What is most valuable?
The malware protection is the most valuable feature of CrowdStrike Falcon.
What needs improvement?
The current database schema presents challenges and has potential for improvement.
The technical support response time can be improved.
There are a lot of false positives reported.
For how long have I used the solution?
I have been using CrowdStrike Falcon for almost four years.
What do I think about the stability of the solution?
CrowdStrike Falcon is stable.
What do I think about the scalability of the solution?
CrowdStrike Falcon is scalable.
How are customer service and support?
The technical support is good but the response time can be improved.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We previously used VMware Carbon Black Endpoint. CrowdStrike Falcon is more of an EDR solution.
What other advice do I have?
I would rate CrowdStrike Falcon a seven out of ten.
The maintenance is straightforward.
CrowdStrike Falcon is deployed independently in our environment and we have 30 users.
While CrowdStrike Falcon offers valuable security tools for larger organizations with extensive infrastructure, its complexity might not be ideal for smaller businesses with limited IT resources.
Which deployment model are you using for this solution?
Public Cloud
Very good product
What do you like best about the product?
Falcon Identity Protection is a comprehensive identity protection service that offers several features and benefits, including:
1. Identity Monitoring: It continuously monitors various data sources to detect any signs of identity theft or fraud, such as unauthorized use of your personal information.
2. Credit Monitoring: It keeps an eye on your credit reports and alerts you to any significant changes, helping you catch potential issues early.
3. Dark Web Monitoring: Falcon Identity Protection scans the dark web for your personal information, helping you stay informed if your data appears in suspicious places.
4. Identity Theft Resolution: If you become a victim of identity theft, the service provides assistance and support to help you resolve the situation and restore your identity.
5. Insurance Coverage: Some identity protection services offer insurance coverage to help cover expenses related to identity theft, such as legal fees or lost wages.
6. Customer Support: Many services have dedicated customer support teams to assist you with any questions or concerns you may have.
Please note that the specific features and benefits may vary depending on the identity protection service provider. It's essential to research and choose a service that best suits your needs and preferences.
What do you dislike about the product?
While Falcon Identity Protection and similar services offer valuable benefits, they also have some potential disadvantages:
1. Cost: These services typically come with a monthly or annual fee, which can add up over time.
2. Limited Coverage: Identity protection services can't guarantee complete protection against all forms of identity theft or fraud. They may focus on specific areas like credit monitoring or dark web scans, leaving some vulnerabilities unaddressed.
3. False Alarms: Sometimes, these services can generate false alerts, causing unnecessary concern or inconvenience.
4. Data Privacy: You need to share personal information with the service, which raises concerns about data privacy and security. Ensure you trust the provider and understand their data handling practices.
5. DIY Alternatives: Some of the features offered by identity protection services, like monitoring your credit reports, can be done independently for free. It may be more cost-effective to manage these tasks yourself.
6. No Preventative Measures: These services can help you detect identity theft, but they don't proactively prevent it.
7. Complexity: Depending on the service, there can be a learning curve in understanding how to use all of its features effectively.
Before choosing an identity protection service, carefully evaluate the pros and cons to determine if it's the right solution for your needs. Additionally, consider alternatives, such as monitoring your credit reports independently and implementing strong security practices to protect your identity.
What problems is the product solving and how is that benefiting you?
Falcon Identity Protection, like other identity protection services, aims to address several common problems related to identity theft and fraud. These problems include:
1. **Identity Theft Detection**: Falcon Identity Protection helps detect signs of identity theft early, such as unauthorized use of your personal information. This can prevent more significant financial and personal losses.
2. **Credit Monitoring**: By monitoring your credit reports, it can alert you to any suspicious activity or unauthorized credit inquiries, allowing you to take action promptly.
3. **Dark Web Monitoring**: The service scans the dark web for your personal information, which can help you become aware if your data is being traded or used illegally.
4. **Resolution Assistance**: In the unfortunate event of identity theft, the service offers support in resolving the issues, which can be a complex and time-consuming process on your own.
5. **Peace of Mind**: Knowing that your identity is being actively monitored can provide peace of mind, reducing stress related to identity theft concerns.
6. **Insurance Coverage**: Some identity protection services offer insurance coverage to help cover the costs associated with identity theft, providing financial protection.
The benefits of Falcon Identity Protection and similar services are that they provide a layer of security and support in an increasingly digital world where identity theft is a prevalent concern. They can save you time and effort in monitoring your personal information and provide guidance in case of a security breach. However, it's essential to weigh these benefits against the cost and potential limitations of the service to determine if it's a worthwhile investment for your specific situation.
Falcon Identity Protection - Good for End user behaviour analytics
What do you like best about the product?
1. It gives visibility into end-user behavior analytics like privileged users, risky events, and stale endpoints.
2. Good threat hunting of user authentication events.
3. Offers good connectivity to Windows domain controllers with a single-agent deployment.
What do you dislike about the product?
It generates too many informational alerts and events which are actually genuine in nature.
What problems is the product solving and how is that benefiting you?
It solves the problem of logging user behavior events and generates analytics since most of the attacks originate from end-user authentication anomalies.
A review about left out identity management tool
What do you like best about the product?
Falcon Identity Protection, previously known as Preempt, is an identity protection tool. It has a user-friendly dashboard, and the most useful feature is advanced threat hunting using different queries to find threats regarding all identities.
What do you dislike about the product?
Sometimes there is a lot of redundant data, and inappropriate data is shown in the dashboard because of a syncing issue. If new update versions are coming, then I believe this issue can easily be resolved.
What problems is the product solving and how is that benefiting you?
Its advanced threat hunting feature is really useful for finding threats in your organisation.